Overview

The Employee Retirement Income Security Act (ERISA) Filing Acceptance System (EFAST2) is owned by the DOL's Employee Benefits Security Administration (EBSA) and developed and operated by a private contractor.

Under Titles I and IV of ERISA, and the Internal Revenue Code, pension and other employee benefit plans are required to file annual returns/reports concerning the financial condition and operations of the plan. These requirements are generally satisfied by filing the Form 5500 Series. The EFAST2 data is used by EBSA in its enforcement of Federal laws, regulations, and standards. The system also supports monitoring and enforcement of ERISA reporting requirements and processing of ERISA-prohibited transaction exemptions. The EFAST2 system provides the public, filers, third party vendors, Internal Revenue Service (IRS), Pension Benefit Guaranty Corporation (PBGC), and EBSA with self-service and customer services offerings.

EFAST2 electronically receives, processes, stores, publicly discloses, distributes, and archives approximately 1.1 million Form 5500 series filings expected to be submitted annually by the public. The Form 5500 series electronic filings that are processed include structured data associated with forms and schedules, and unstructured data associated with Portable Document Format (PDF) and text (TXT) file attachments.

The web portal interface facilitates various filing actions, permits visibility to filings following security guidelines, and distributes data to associated Government entities.

EFAST2 data is furnished to two other Government Agencies: the Internal Revenue Service (IRS) and the Pension Benefit Guaranty Corporation (PBGC).

DOL EBSA's final rule RIN 1210-AB04, available at http://www.dol.gov/ebsa/regs/fedreg/final/2006006331.htm, mandated electronic filing for all Form 5500 filings submitted under Title 1 of ERISA (Employee Retirement Income Security Act) beginning on January 1, 2010. EFAST2 is a new web-based system designed to process the Form 5500 filings submitted over the Internet starting in 2010. The Pension Protection Act of 2006 requires DOL to electronically disclose basic and actuarial information contained in those filings on its website. EFAST2 provides that disclosure function.

Characterization of the Information

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
The Form 5500 requires the name and business contact information of employee benefit plan administrators, plan sponsors, and filing entities. Additionally, depending on the reporting requirements applicable to the type of return/report being filed, the manual signature of the plan administrator, plan sponsor, Direct Filing Entity (DFE), actuary, accountant and/or fiduciary may be collected. When the Schedule SB or MB is attached to a one-participant 5500-SF, it may contain financial information related to an individual. The application for electronic signature, filing transmission, software development, and IFILE authoring collects names, business contact information, and secret information (the city or date of birth).

What are the sources of the PII in the information system?
Filings containing PII are provided by the filing preparer.

Applications for electronic credentials contain PII and are completed by individuals requesting those credentials. Specifically, the application to receive electronic signature credentials is completed and submitted by the plan sponsor, administrator, or direct filing entity. The application for filing transmitter credentials is provided by the person or organization who wishes to submit large quantities of Form 5500 filings. The application for Form 5500 software developer credentials is provided by the organization that wishes to develop and certify Form 5500 preparation or submission software. The application for IFILE author credentials is provided by an individual wishing to use the free web-based application on the EFAST website to prepare a Form 5500 or portions thereof.

What is the PII being collected, used, disseminated, or maintained?
{Include answer here}

How is the PII collected?
Filings can be submitted to EFAST2 by two methods: (1) filings can be submitted using web-based, interactive data entry capabilities; and (2) filings can be submitted electronically using third-party Government-approved software. Submitted filings are captured into EFAST2 data repositories.

How will the information be checked for accuracy?
Independent monitoring and quality control of the system will use software routines that examine the data and produce reports. Inaccuracies or discrepancies in the data would be identified through these reports and steps would be taken to identify the source of the error and correct it.

What specific legal authorities, arrangements, and/or agreements defined the collection of information?
The ERISA Act of 1974 and provisions of the Internal Revenue Code require certain employee benefit plans to submit information annually to the Federal government (EBSA, IRS, and PBGC). The Department of Labor, Internal Revenue Service and the Pension Benefit Guaranty Corporation created the EFAST and EFAST2 (forms) systems to streamline the forms and the methods by which the forms are filed and processed. These forms are reviewed and approved by OMB annually.

Privacy Impact Analysis
EFAST2 is in the Operation phase. As EFAST2 has progressed through its life cycle, risks to PII have been reassessed and updated in documentation as contract deliverables. An updated risk assessment is required annually, and the next version will be delivered in 2010.

Uses of the PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII. What types of tools are used to analyze data and what type of data may be produced? Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

EFAST2 publicly discloses the Form 5500 except if a Schedule MB or SB is attached to a one-participant 5500-SF. EFAST2 also provides the filing data to DOL, IRS, and PBGC for analysis and enforcement as described below.

The DOL will retrieve EFAST2 data and use it to populate the ERISA Data System (EDS), a relational database of plan filing data and images. Departments within DOL query EDS data to fulfill research, compliance, auditing, enforcement, and filer support responsibilities. The Office of Enforcement exports EDS data to the Enforcement Management System (EMS), OE's client-server application, the official source of enforcement information for investigators.

The IRS will retrieve EFAST2 data and use it to populate the Employee Plans Master File (EPMF), housed at the IRS's main ERISA data repository at the IRS Martinsburg Computing Center. EPMF data are used primarily to generate penalty notices to filers of late or incomplete returns. EPMF data will be exported to the EPMF Corporate Files On-Line (CFOL) and the EPMF Taxpayer Information Filer (TIF) databases. The EPMF CFOL database provides access to Returns Inventory and Classification System (RICS) users, who select returns for examination and quality review, and create facsimiles of Form 5500 series returns for Employee Plans (EP) Examiners. The EPMF TIF database will provide access to Integrated Data Retrieval System (IDRS) users, who correct EPMF unpostables, perform notice review, and respond to filer inquiries.

The PBGC uses EFAST2 data to populate three end-user processing systems: the Premium and Practitioner System (PPS), the Risk Management Early Warning system (RMEW), and the Pension Insurance Modeling System (PIMS). PPS is used by PBGC to compare Form 5500 with Form 1 Premium Filings for compliance. PPS feeds data into RMEW, where plan records are combined with data from several other sources, which RMEW maintains. RMEW provides cross-comparisons of Form 5500 plan records and other data sources to monitor plans facing claims risk. In addition to PPS and RMEW, PBGC uses EFAST2 data to populate PIMS. PIMS is populated using data from Form 5500 Attachments (80% of PIMS data) and from the Schedule MB or SB (20% of PIMS data).

If the system uses commercial or publicly available data, please explain why and how it is used.
EFAST2 will not use additional commercial or publicly available data.

Privacy Impact Analysis
In compliance with OMB, NIST, and the DOL CSH, security controls following NIST Special Publication 800-53 requirements and guidance are implemented as documented in the EFAST2 Security Plan delivered in December 2009. An accompanying Security Procedures Manual was also delivered. The final versions of both documents were included in the EFAST2 authorization package and will be updated at least annually.

Retention

The following questions are intended to outline how long information will be retained after the initial collection.

How long is information retained in the system?
Filing records will be retained in the database from receipt of the filing until at least five years after delivery of the final data records to the Government.

Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
EBSA will archive EFAST2 data with the United States National Archives and Records Administration (NARA), in accordance with archiving directives. A draft record schedule and plan is currently being reviewed.

How is it determined that PII is no longer required?
EBSA participates in the Department of Labor's efforts to reduce the use of PII in its systems, and annually submits to the OCIO an EFAST PII Report.

What efforts are being made to eliminate or reduce PII that is collected, stored or maintained by the system if it is no longer required?
The EFAST system is being replaced by EFAST2, which does not collect social security numbers from filers. EFAST operations cease July 1, 2010 and EFAST2 is currently in operation.

Privacy Impact Analysis
All Form 5500 return/report information shall be accounted for upon receipt and properly stored before, during, and after processing. In addition, all related output shall be given the same level of protection as required for the source material. The Contractor shall certify that the data processed during the performance of this contract shall be completely purged from all data storage components of the Contractor's computer facility, and the Contractor shall retain no output at the time the work under the contract is completed. If immediate purging of all data storage components is not possible, the Contractor certifies that any and all Form 5500 return/report data remaining in any storage component will be safeguarded to prevent unauthorized disclosure.

Internal Sharing and Disclosure

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
Selected EFAST2 data will be provided to DOL and used by the following EBSA offices: Office of Enforcement (OE) for ERISA enforcement purposes; Office of the Chief Accountant (OCA) for compliance enforcement and filer assistance purposes; Office of Policy and Research (OPR) for research and reporting purposes; and the Office of Participant Assistance (OPA) for public disclosure and assistance purposes.

How is the PII transmitted or disclosed?
The DOL will retrieve EFAST2 plan filing data and images through a secure file transfer and use it to populate the ERISA Data System (EDS), a relational database. Departments within DOL query EDS data, and the Office of Enforcement exports the EDS data to the Enforcement Management System (EMS), the major application that supports the enforcement of ERISA laws.

Privacy Impact Analysis
Since only publicly disclosable information is provided to EBSA internal users, there are no privacy risks aside from un-requested PII mistakenly placed by filers on to "open to public inspection" forms and free-form attachments.

External Sharing and Disclosure

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?
PII will be shared with the following external agencies to fulfill their statutory, regulatory, and reporting obligations:

Internal Revenue Service (IRS) for processing the pension plan data submitted by filers.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
The data shared is compatible with the original collection. The SORN for the current (legacy) EFAST system is identified by:

An update to this SORN addressing the change in data collection from paper and electronic filing to Web browser-based collection will be filed by EBSA.

How is the information shared outside the Department and what security measures safeguard its transmission?
IRS Interface: The IRS will retrieve EFAST2 data through an encrypted, secure file transfer protocol and use it to populate the Employee Plans Master File (EPMF), housed at the IRS's main ERISA data repository. An interconnection security agreement (ISA) will be finalized and signed by IRS and DOL prior to operations. The ISA specifies security measures safeguarding data transmission and security responsibilities of the agencies.

PBGC Interface: The PBGC uses EFAST2 data to populate three end-user processing systems: the Premium and Practitioner System (PPS), the Risk Management Early Warning system (RMEW), and the Pension Insurance Modeling System (PIMS). An ISA between PBGC and DOL is in effect and is reviewed annually and updated as required. The interconnection security agreement was signed by PBGC and DOL prior to the start of production operations of the EFAST2 system. The ISA specifies security measures safeguarding data transmission and security responsibilities of the agencies.

Privacy Impact Analysis
EBSA has developed the EFAST2 interconnection security agreements with its Federal agency partners. Details of the operational, management, and technical security measures to mitigate the risks assessed by these agencies were described and agreed to in the ISAs, which were submitted to the DOL as part of the complete system authorization package requesting authority to deploy EFAST2.

Notice

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII?
Yes. EBSA provides on the http://www.efast.dol.gov website information on the Form 5500 series, along with answers to frequently asked questions, explanations of the filing process, and links to the forms with filing instructions. The EFAST2 web site displays a Privacy and Security Statement within the user registration process. Users must actively click that they have read and accept the privacy statement before they can enter any PII.

Do individuals have the opportunity and/or right to decline to provide information?
No. The ERISA Act of 1974 and provisions of the Internal Revenue Code require certain employee benefit plans to submit information annually to the Federal government (EBSA, IRS, and PBGC). Recent regulatory changes have mandated electronic filing for all Form 5500 filings made under Title 1 of ERISA beginning on January 1, 2009. EFAST2 is the Web-based system designed to process the Form 5500 filings to be submitted annually over the Internet starting in 2010.
If the information required on the Form 5500 series is not provided electronically and in accordance with the instructions, the plan sponsor/administrator may receive a follow-on letter requesting the missing information. If the information is still not provided, it then becomes a filing compliance or enforcement issue and is dealt with accordingly.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
No, filers are bound by the ERISA Act of 1974 and provisions of the Internal Revenue Code.

Privacy Impact Analysis
The web portal follows the policies and procedures regarding privacy and data collection on federal web sites and maintains the security of non-disclosable information. The Contractor developed the web portal in accordance with all Government requirements cited in the contract regarding public websites, including the OMB Policies for Federal Public Websites, NIST publication 800-44 Guidelines on Securing Public Web Servers, and the E-Government Act of 2002. The Contractor follows the DOL External Linking Policy and the Editorial Style Guide and adheres to the Web Community Standards for Design, Navigation, and Cross-Functionality.

To provide stateful storage of information, session cookies or other session mechanisms may be used and shall be managed according to DOL policies. Persistent cookies or other client-side persistent storage mechanisms are not used. Session cookies may be used provided that they do not threaten the privacy of individuals and do not track users over time and across different web sites. Session information stored on an end user's computer or transferred over the Internet is only in the form of unique, non-sequential identifiers. The actual state variables and metadata are not stored on the end user's computer. All session data is stored on the web portal servers or infrastructure and internally referenced via this unique session identifier. Except for PDF readers, browser plug-ins or any applications or helpers that require a user to download and/or install them are specifically prohibited.
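As an added illustration of the session-handling rules stated above (this is example code, not code from the page or from the EFAST2 portal), the following Python sketch keeps all session state server-side behind a random, non-sequential identifier, emits the identifier as a non-persistent cookie, and checks a Set-Cookie header against those rules; the cookie name, the sample state, and the in-memory store are assumptions.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "EFAST2SESSION"  # hypothetical cookie name, not taken from the PIA

# Server-side session store: state variables live here, keyed by an opaque id.
# A plain dict stands in for whatever shared store the portal infrastructure uses.
_SESSIONS = {}


def create_session(state):
    """Store the state server-side and return the opaque, non-sequential identifier."""
    sid = secrets.token_urlsafe(32)  # 256 random bits; never a counter or a timestamp
    _SESSIONS[sid] = dict(state)
    return sid


def lookup_session(sid):
    """Resolve an identifier presented by the browser back to its server-side state."""
    return _SESSIONS.get(sid)


def _set_cookie(value):
    """Build a Set-Cookie header with no Expires/Max-Age (a true session cookie)."""
    c = SimpleCookie()
    c[COOKIE_NAME] = value
    m = c[COOKIE_NAME]
    m["path"], m["secure"], m["httponly"], m["samesite"] = "/", True, True, "Strict"
    return c.output(header="Set-Cookie:").strip()


def session_cookie(sid):
    """Compliant form: the cookie carries only the identifier."""
    return _set_cookie(sid)


def state_cookie(state):
    """Non-compliant form, shown for contrast: the state variables themselves are
    pushed to the client as a key=value list, which the policy above forbids."""
    return _set_cookie("&".join(f"{k}={v}" for k, v in state.items()))


def violates_cookie_policy(header, state):
    """Return the list of policy violations for one Set-Cookie header: a persistence
    attribute, a state value visible on the client, or missing hardening flags."""
    problems = []
    lowered = header.lower()
    if "expires=" in lowered or "max-age=" in lowered:
        problems.append("persistent cookie")
    for key, value in state.items():
        if str(value) in header:
            problems.append(f"state variable '{key}' exposed to client")
    if "httponly" not in lowered:
        problems.append("missing HttpOnly")
    if "secure" not in lowered:
        problems.append("missing Secure")
    return problems


if __name__ == "__main__":
    # Constructed sample state; the values are not real filer data.
    sample = {"filer_id": "FILER-00042", "role": "plan_administrator"}
    sid = create_session(sample)
    print(session_cookie(sid), violates_cookie_policy(session_cookie(sid), sample))
    print(state_cookie(sample), violates_cookie_policy(state_cookie(sample), sample))
```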

Access, Redress, and Correction

The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their information?
If filers are using the EFAST2 filing authoring tool (IFILE) they can display their filing information in a facsimile format, print, and review it prior to submission to the Government. After filings are submitted to the Government, filers can search for, view, print, and verify their submitted filing information.

Users that have acquired electronic credentials through EFAST2 may change their contact information or network keys (i.e., PIN, password) after successful authentication.

What are the procedures for correcting inaccurate or erroneous information?
EFAST2 will automatically review submitted filing information for certain errors and omissions. If an error or omission is discovered by EFAST2, the filer will be electronically notified through a web service message. An erroneous filing can be fixed and resubmitted by the filer.

How are individuals notified of the procedures for correcting their information?
The Form 5500 instructions, to which the filer should be referring, alert filers to the procedures for correcting or amending filing information.

The EFAST2 notification process cited above would also alert filers of the need to correct or amend their filing.

Additionally, the software filers are using would guide them through how to correct or amend a filing.

If no formal redress is provided, what alternatives are available to the individual?
N/A

Privacy Impact Analysis
EFAST2 collects and retrieves information about benefit plans. The vast majority of this information is publicly disclosable and posted on EBSA's website. In the event erroneous filing information is submitted and then corrected, only the corrected filing information would be disclosed on the website. The erroneous filing information would only be provided through EBSA's public disclosure office.

Technical Access and Security

The following questions are intended to describe technical safeguards and security measures.

What procedures are in place to determine which users may access the system and are they documented?
EFAST2 implements an access control list which is provided to the Contractor through documented Government Furnished Information. The access control list specifies what information may be disclosed to which users through the EFAST2 web portal.
EFAST2 also implements interface requirements, which are also provided to the Contractor through documented Government Furnished Information. The Interface Requirements Document (IRD) specifies what information may be disclosed to which Government users outside of the EFAST2 web portal.
EFAST2 access security controls are aligned with NIST, DOL, IRS, SSA, and PBGC requirements. User groups include government staff and contractor staff, consist of administrators, developers, and end users, and are grouped by system policies to ensure least privilege and need to know. The security controls and their status are identified and addressed. Access controls planned and/or implemented include, but are not limited to: user IDs, passwords, firewalls, encryption, an intrusion detection system, audit trails, facility access cards, and minimum background investigations.

Will Department contractors have access to the system?
Yes, Department contractors will access the system as administrators, developers, and users.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
Contractor and Government users are subject to privacy security awareness training requirements prescribed by the DOL.
Users requesting electronic credentials in EFAST2 will be required to read and agree to an EFAST2 privacy statement.

What auditing measures and technical safeguards are in place to prevent misuse of data?
Auditing controls are aligned with contractual requirements and with guidance issued by OMB and NIST and outlined in the DOL CSH.

Privacy Impact Analysis
EFAST2 is currently in the Operation phase. As EFAST2 has progressed through its life cycle, risks have been assessed, updated, and documented. The EFAST2 Risk Assessment was included with the system authorization package before operations began.

Technology

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.

What stage of development is the system in, and what project development life cycle was used?
EFAST2 is in the Operation phase of its development life cycle. The life cycle methodology is iterative in nature, but overall conforms to the DOL's System Development Life Cycle Management Manual, Version 2.2, November 2006.

Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?
There are no privacy concerns that are not already identified and addressed in the earlier sections of this PIA.

Determination

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

The Employee Benefits Security Administration has completed the PIA for the Employee Retirement Income Security Act (ERISA) Filing Acceptance System 2 (EFAST2), which is currently in operation. The Employee Benefits Security Administration has determined that the safeguards and controls for this moderate system will adequately protect the information.

The Employee Benefits Security Administration has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.

This assessment demonstrated that EBSA is adhering to and will continue to adhere to the provisions of the Privacy Act of 1974 for PII contained in EFAST2. EFAST2 will contain a limited amount of PII. Some PII will be contained on forms open to public inspection but not retrievable by PII. PII on non-disclosable forms will be stored for the exclusive purpose of performing the duties of the Federal Agencies involved and will be collected directly from the individuals, whenever possible. All PII will be protected by security controls, which will be subjected to rigorous Security Test & Evaluation as part of Security Certification prior to and as a condition of granting an Authorization To Operate (ATO) of the system. The risk of misuse or loss of filing data is, therefore, judged to be minimal.